Lenovo Patches Arbitrary Code Execution Flaw

May 7, 2018


Lenovo issued a pair of security advisories on Friday for its popular ThinkPad line and System x servers. One bug is tied to an authentication flaw in the Secure Boot process; and the other to a vulnerability that would allow for arbitrary code execution.

The company’s internal testing team discovered the first Secure Boot issue (CVE-2017-3775), which is rated as high-severity. Impacted are nearly a dozen enterprise-class Lenovo systems ranging from its System x, Flex System and one high-density NeXtScale nx360 M5 model server.

Secure Boot is an Intel firmware feature, which acts as a security gate or interface between an operating system and the firmware/BIOS.

Read More on Threat Post